<?php
/* 
Name: postans.php
For posting answers in "Ask A Doctor"
*/
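// Bootstrap WordPress so the user, capability and Pods helpers used below exist.
include('../../../wp-blog-header.php');

// get_magic_quotes_gpc() was deprecated in PHP 7.4 and removed in PHP 8.0, where an
// unconditional call is a fatal error. Only consult it on runtimes that still ship it.
// NOTE(review): WordPress core re-slashes $_POST during bootstrap, so values may still
// arrive slashed when this branch is skipped; confirm whether wp_unslash() is wanted
// before the values are stored.
if ( function_exists( 'get_magic_quotes_gpc' ) && get_magic_quotes_gpc() ) {
    $_POST = array_map( 'stripslashes_deep', $_POST );
}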
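// Identify the caller; the login name is what the request's 'h' field is compared
// against further down.
$current_user = wp_get_current_user();
$uid = $current_user->user_login;

// Start every request-derived variable from a known value, so a request that omits a
// field (or selects neither mode) cannot leave one undefined for the later checks.
$delete = false;
$insert = false;
$myhash = null;
$qid    = null;
$qsalt  = null;
$quesd  = null;
$quest  = null;
$anon   = false;

// Which code to run:
//   - 'qdel' absent                          -> insert a new entry
//   - 'qdel' strictly between 1799 and 2901  -> delete an entry
//   - 'qdel' present but outside that range  -> neither (the script does nothing)
if ( isset( $_POST['qdel'] ) ) {
    if ( $_POST['qdel'] < 2901 && $_POST['qdel'] > 1799 ) {
        $delete = true;
    }
} else {
    $insert = true;
}

if ( $delete === true ) {
    // 'qid' carries the record id plus a 4-character suffix; 'qs' is the remainder of
    // the verification value (see the delete branch for how they are recombined).
    $qid    = isset( $_POST['qid'] ) ? $_POST['qid'] : null;
    $myhash = isset( $_POST['h'] ) ? $_POST['h'] : null;
    $qsalt  = isset( $_POST['qs'] ) ? $_POST['qs'] : null;
}

if ( $insert === true ) {
    $quesd  = isset( $_POST['quesD'] ) ? $_POST['quesD'] : null;
    $quest  = isset( $_POST['quesT'] ) ? $_POST['quesT'] : null;
    // Only the literal string "yes" (any letter case) marks the entry anonymous; a
    // missing or non-string value is treated as "not anonymous" instead of raising.
    $anon   = isset( $_POST['anon'] ) && is_string( $_POST['anon'] )
        && strtoupper( $_POST['anon'] ) === 'YES';
    $myhash = isset( $_POST['h'] ) ? $_POST['h'] : null;
}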


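if ( is_user_logged_in() ) :
    // The request must echo back md5(login name) in 'h'.
    // NOTE(review): this value can be derived by anyone who knows the login name, so it
    // does not prove the request came from this site's own form. A per-session
    // WordPress nonce checked with wp_verify_nonce() is the usual anti-CSRF control;
    // adopting it needs a matching change in the form that posts here.
    // The comparison is constant-time and rejects a missing or non-string 'h' up front.
    if ( isset( $myhash ) && is_string( $myhash ) && hash_equals( md5( $uid ), $myhash ) ) :

        if ( $insert === true ) {
            // Any logged-in user who passes the check above may add an entry.
            // NOTE(review): title and description are stored exactly as received;
            // confirm that every template rendering them escapes on output.
            $podans = array(
                'title'       => $quest,
                'description' => $quesd,
                'anonymous'   => $anon,
            );
            $mypod = pods( 'questions' );
            if ( $mypod->add( $podans ) ) {
                echo "Success";
            }
        }

        // Deletion is restricted to administrators.
        if ( $delete === true && current_user_can( 'administrator' ) ) {
            if ( isset( $qid, $qsalt ) && is_string( $qid ) && is_string( $qsalt ) ) {
                // 'qid' = record id followed by a 4-character suffix. That suffix plus
                // the reversed 'qs' must equal the record's creation timestamp.
                $trueid   = substr( $qid, 0, -4 );
                $salt     = substr( $qid, -4 );
                $truedate = $salt . strrev( $qsalt );

                // The id is concatenated into a WHERE clause below, so accept only a
                // plain run of digits and refuse everything else before touching Pods.
                if ( is_string( $trueid ) && preg_match( '/\A[0-9]+\z/', $trueid ) === 1 ) {
                    // Using the id, pull the date created.
                    $mypod = pods( 'questions', $trueid );
                    if ( $mypod->exists() ) {
                        $pulleddate = strtotime( $mypod->display( 'created' ) );

                        // Strict string comparison: a failed strtotime() (false) or a
                        // merely numeric-looking value must not count as a match.
                        if ( $pulleddate !== false && (string) $pulleddate === $truedate ) {
                            if ( $mypod->delete() ) {
                                // Also delete the answers attached to that question.
                                // The id is cast to int so the clause can only ever
                                // contain a number.
                                // NOTE(review): confirm that delete() on this find()
                                // result removes every matching row, not only the
                                // current one.
                                $param = array(
                                    'where' => 't.qid = ' . (int) $trueid,
                                );
                                $mypods = pods( 'answers', $param );
                                $mypods->delete();
                                echo "Success";
                            }
                        }
                    }
                }
            }
        }
    endif;
endif;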
?>